PT-2024-7577 · Linux+8 · Linux Kernel+8

Syzbot

Published

2024-09-19

Updated

2025-11-19

CVE-2024-47685

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description The issue is related to the nf reject ip6 tcphdr put() function in the Linux kernel's netfilter module, which may send garbage on the four reserved TCP bits (th->res1). This is due to the use of uninitialized memory. The problem can be resolved by using skb put zero() to clear the whole TCP header, as done in nf reject ip tcphdr put(). The vulnerability may allow an attacker to impact the confidentiality and availability of protected information.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the nf reject ip6 tcphdr put() function until a patch is available. Restrict access to the vulnerable nf reject ipv6 module to minimize the risk of exploitation. Avoid using the th->res1 variable in the affected TCP header until the issue is resolved.

Exploit

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2024-14046

ALT-PU-2024-14268

ALT-PU-2024-14270

ALT-PU-2024-14503

ALT-PU-2024-15739

ALT-PU-2024-16172

AZL-50706

AZL-51000

BDU:2024-08983

CVE-2024-47685

DLA-4008-1

DLA-4075-1

INFSA-2025_6966

LSN-0115-1

MGASA-2024-0344

MGASA-2024-0345

OESA-2024-2321

OESA-2024-2322

OESA-2024-2323

OESA-2024-2324

OESA-2024-2325

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2024_3983-1

OPENSUSE-SU-2024_3984-1

OPENSUSE-SU-2024_3985-1

OPENSUSE-SU-2024_3986-1

OPENSUSE-SU-2025:14705-1

RHSA-2025:6966

RHSA-2025_6966

SUSE-SU-2024:3983-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4100-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:0034-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

USN-7166-1

USN-7166-2

USN-7166-3

USN-7166-4

USN-7186-1

USN-7186-2

USN-7194-1

USN-7276-1

USN-7277-1

USN-7293-1

USN-7294-1

USN-7294-2

USN-7294-3

USN-7294-4

USN-7295-1

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7393-1

USN-7401-1

USN-7403-1

USN-7413-1

USN-7468-1

USN-7539-1

USN-7540-1

USN-7727-1

USN-7727-2

USN-7727-3

USN-7755-1

USN-7755-2

USN-7755-3

USN-7875-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-7577 · Linux+8 · Linux Kernel+8

CVE-2024-47685

Weakness Enumeration

Related Identifiers

Affected Products

References · 3216